updated auth param

dkleinF5 · dkleinF5 · commit 986d7d37299b · 2025-12-18T09:18:56.000Z
diff --git a/content/waf/policies/external-references.md b/content/waf/policies/external-references.md
@@ -546,9 +546,10 @@ The request will _not be blocked_ because this violation is set to alarm in the
 
 ### Authenticating External References with Basic Auth
 
-For any external reference section in your policy that uses an HTTP or HTTPS link, you can include a `basicAuth` object with the username (`user`) and the base64-encoded password (`passwordBase64`).  
+For any type of external reference in your policy that uses an HTTP or HTTPS link—including simple URL references and OpenAPI references—you can include a `basicAuth` object, which specifies the username (user) and base64-encoded password (passwordBase64) for HTTP Basic Authentication.
 
 **Example:**
+This example uses `responsePageReference`, but the same `basicAuth` configuration applies to any supported external reference (such as OpenAPI or other URL references) that uses an HTTP/HTTPS link.
 
 ```json
 {
@@ -562,7 +563,7 @@ For any external reference section in your policy that uses an HTTP or HTTPS lin
         "link": "https://securedomain.com:8081/response-pages.txt",
         "basicAuth": {
             "user": "<user>",
-            "passwordBase64": "<password>"
+            "passwordBase64": "<passwordBase64>"
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -546,9 +546,10 @@ The request will _not be blocked_ because this violation is set to alarm in the`
`546`	`546`
`547`	`547`	`### Authenticating External References with Basic Auth`
`548`	`548`
`549`		-For any external reference section in your policy that uses an HTTP or HTTPS link, you can include a `basicAuth` object with the username (`user`) and the base64-encoded password (`passwordBase64`).
	`549`	+For any type of external reference in your policy that uses an HTTP or HTTPS link—including simple URL references and OpenAPI references—you can include a `basicAuth` object, which specifies the username (user) and base64-encoded password (passwordBase64) for HTTP Basic Authentication.
`550`	`550`
`551`	`551`	`Example:`
	`552`	+This example uses `responsePageReference`, but the same `basicAuth` configuration applies to any supported external reference (such as OpenAPI or other URL references) that uses an HTTP/HTTPS link.
`552`	`553`
`553`	`554`	```json
`554`	`555`	`{`
`@@ -562,7 +563,7 @@ For any external reference section in your policy that uses an HTTP or HTTPS lin`
`562`	`563`	`"link": "https://securedomain.com:8081/response-pages.txt",`
`563`	`564`	`"basicAuth": {`
`564`	`565`	`"user": "<user>",`
`565`		`- "passwordBase64": "<password>"`
	`566`	`+ "passwordBase64": "<passwordBase64>"`
`566`	`567`	`}`
`567`	`568`	`}`
`568`	`569`	`}`